[fw-wiz] Domain Login Problem Thru Netscreen

From: Nilanjan Sengupta (nilanjan.sengupta_at_paladion.net)
Date: 10/30/03

  • Next message: Scot Kreienkamp: "RE: [fw-wiz] Cisco PIX DHCP relay via IPSEC"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 30 Oct 2003 14:56:30 +0530
    
    

    Hi,
    I need some help from you guys. I will describe the scenario:

    I am going to install a Netscreen firewall and that will have 4 Zones.
    Two of them are not relevant in this context. The other two are. The
    names of the Zones are Utility and DMZ. Now in Utility I am going to
    place a WinNT PDC. People from DMZ will log in to the Box. In DMZ the
    LAN users are there with some WAN users too. The WAN connects to
    different other locations which have other Domains too.
    The PDC is also an Exchange Server which will be replicating with another
    Exchange Server in the WAN. Over that it is a Trend Micro Anti Virus
    Server which will update Antivirus to the Desktops and the Servers at
    other Zones. It will download signatures from Internet through the WAN
    (DMZ ZONE).

    The Requirement is to enable Domain Login for users from DMZ (LAN and
    WAN) and enable Trust Relationship between domain at WAN and this
    server.
    My Question is:
    Can this domain Login be done if I configure the DMZ interface as DHCP
    Relay Agent pointing to the PDC? In case of Layer 3 Devices (Routers)
    this can be done by using the command ip helper-address <ip address>
    which is nothing but enabling DHCP Relay. Does this apply to a Netscreen
    also? Can you please instruct me what all is required to facilitate this
    communication. I do not want to use WINS.

    Regards,
    Nilanjan Sengupta

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

